Sunday, November 01, 2015

Since the cyber attack on our website on
Wednesday 21st October 2015, we have been working to establish what
happened and, importantly, understand the extent of any individual
customer data stolen during this attack. In light of the potential
scale of attack, our responsibility last week was to inform all
customers as quickly as possible. Our investigation continues, but
we now know the extent of the data accessed is significantly less
than originally suspected and can confirm that the following personal
data was accessed:

Less than 21,000 unique bank account numbers and sort codes

Less than 28,000 obscured credit and debit card details (as previously stated, the middle 6 digits had been removed)

Less than 15,000 customer dates of birth

Less than 1.2 million customer email addresses, names and phone numbers

Starting today, we are writing to all
customers who have been affected by this to let them know what
information has been accessed.

As we have previously confirmed, the
credit and debit card details cannot be used for financial
transactions. In addition, we have shared the affected bank details
with the major UK banks so they can take their usual actions to
protect customers’ accounts in
the highly unlikely event that a criminal attempts to defraud them.

(Related) Another young hacker. Are they a
'criminal gang' that met online? Should be interesting if any
details emerge.

Levi Winchester and Nick Gutteridge report that a
20-year-old man from Staffordshire has become the third person
arrested in connection to the TalkTalk breach. It’s not clear from
the reporting whether either or both of the two teens previously
arrested provided information to the Metropolitan Police that led to
this arrest. Read more on The
Express.

Criminals
are selling the private details of thousands of British consumers
online as a result of the TalkTalk hacking scandal – and dozens
more major companies are affected, The Mail on Sunday can reveal.

Confidential
information including names, addresses, mobile phone numbers and bank
details of TalkTalk customers is being bought and sold by fraudsters
in illegal trading markets on the internet.

And
customer details of 14 other big-name brands, including Vodafone,
Visa, Sky TV, Amazon and Ticketmaster, are also being sold for as
little as 10p, leaving consumers vulnerable to a huge range of scams.

Tony
Scott – Federal CIO – Modernizing Federal Cybersecurity –
[October 30, 2015] “the Administration directed a series of actions
to continue strengthening Federal cybersecurity & modernizing the
government’s technology infrastructure. Strengthening the
cybersecurity of Federal networks, systems, and data is one of the
most important challenges we face as a Nation. Every day, public and
private sector leaders – my team included – are directing
significant resources to address this ever-growing problem. Yet as
cyber threats increase in severity, so does the pace of this
Administration’s efforts. Since
2009, the U.S. Government has implemented a wide range of
policies, both domestic and international, to improve our cyber
defenses, enhance our response capabilities, and upgrade our incident
management tools by:

Making
cybersecurity one of the Administration’s first cross-agency
priority management goals;

Spurring
information sharing through the President’s executive order to
encourage the development of Information Sharing and Analysis
Organizations (ISAOs) to serve as the hubs for sharing critical
cybersecurity information and promoting collaboration for analyzing
this information both within and across industry sectors;

After
guilty plea, judge confused as to why prosecutors still want iPhone
unlocked

Federal prosecutors have said that they are moving
forward in their attempt to compel Apple to unlock a seized
iPhone 5S running iOS 7, even after the defendant in a felony drug
case has now pleaded
guilty.

… As the judge wrote Friday:

In light of the fact that the defendant
against whom evidence from the subject telephone was to be used has
pleaded guilty, I respectfully direct the government to explain why
the application is not moot.

(Related) Some people see a market for
decryption. (But no benefit to hiring anyone who can write English.)

Hacking Team, the infamous Italy-based spyware
company that had more than 400
GB of its confidential information stolen earlier this year, has
resumed its operations and started pitching new hacking tools to help
US law enforcement get around their encryption
issues.

… The announcement came in an email pitch sent
to existing and potential new customers on October 19 when Hacking
Team CEO David Vincenzetti
confirmed that Hacking Team is now "finalizing [its]
brand new and totally unprecedented cyber investigation solutions."

The e-mail is not made public, but Motherboard has
been able to obtain
a copy of it that states:

"Most [government
agencies] in the United States and abroad will become 'blind,' they
will 'go dark,' they will simply be unable to fight vicious phenomena
such as terrorism," wrote Vincenzetti. "Only the
private companies can help here; we are one of them."

"It is crystal
clear that the present American administration does not have the
stomach to oppose the American IT conglomerates and to approve
unpopularly, yet totally necessary, regulations," he added.

Should you tell Facebook that you're in the
Witness Protection Program? That you are hiding from an abusive
spouse? How sensitive is an explanation?

Microsoft
And Taser Announce Partnership To Boost Technology For Law
Enforcement

… On
Monday, TASER International, a developer, manufacturer and supplier
of smart weapons, body-worn cameras and evidence data storage for law
enforcement, announced
a partnership with Microsoft to bolster its technology.
According to Microsoft, the partnership will combine the Microsoft
Azure cloud and Windows 10 devices with TASER's Axon Platform and
Evidence.com solutions.

Each party
expects the collaborative effort will bolster the way law-enforcement
officials manage evidence including aspects like "ingesting,
retrieving, sharing, analyzing and archiving video," according
to Microsoft. The tech giant also claims that the partnership will
give law-enforcement agencies the peace of mind to entrust the
companies' combined technologies with the most critical evidence and
data.

Clear enough that I will share it with my Computer
Security students without worrying about spending half the class
explaining the “big words.”

Last Modified: October 28, 2015 – “Snapchat is
a fast and fun way to share experiences with your friends and the
world around you. You can send a photo or video Snap to friends,
chronicle your day through My Story, touch base using Chat, immerse
yourself in global events through Live, and enjoy handcrafted stories
from the world’s top publishers on Discover. When you use these
services—and any others we roll out—you’ll inevitably share
some information with us. We get that that can affect your privacy.
So we want to be upfront about the information we collect, how we use
it, whom we share it with, and the choices we give you to control,
access, and update your information. That’s why we’ve written
this privacy
policy. And it’s why we’ve tried to write it in a way that’s
blissfully free of the legalese that often clouds these documents.
Of course, if you still have questions about anything in our privacy
policy, just ping
us…”

I'd like to see the arguments on both sides. Do
we really want non-lethal weapons? What if this did not look like a
gun?

In light of the heated debates on the
controversial issue of gun control, and with anything that barely
resembles a weapon causing unnecessary attention from the police, is
it even safe to put out alternative weapons masquerading as a
handgun?

SALT, a weapon that looks like a gun but works
more like a pepper spray, was pulled off Indiegogo precisely because
of this.

… Unlike traditional handguns, which fire
bullets by way of an explosive, SALT uses carbon dioxide cartridges
similar to those used in airsoft guns to expel .70-caliber pepper
pellets that can temporarily disable an intruder for around half an
hour. The pellets contain a mixture of powdered chemicals, including
oleoresin capsicum derived from ghost pepper, which is also found in
traditional pepper sprays. The founders say their mixture is more
potent than the one used in a similar device used by the Department
of Homeland Security.

Users do not have to hit the target for SALT to
take full effect. Because
the pepper pellets explode upon contact, users simply have
to fire at anywhere near the target to create a peppery cloud of
protection that envelops and disables the target. As a result, the
target experiences lung constriction, temporary blindness and severe
itching on the parts of the skin exposed to the chemicals, giving
users enough time to run to safety and contact the authorities.

Perhaps a not-so-simple question. Are
self-driving cars automotive technology or information technology?
Who can do it better?

… The new data offers previously unrecorded
gains in Antarctica, scientists say, but it challenges the
conclusions of other reports such as the 2013 Intergovernmental Panel
on Climate Change (IPCC) study. The IPCC's earlier report said that
the continent is continuously losing land ice.

According to the new NASA research published
in the Journal of Glaciology, the Antarctic ice sheet
accumulated a net gain of 112 billion tons of ice per year in the
period covering 1992 to 2001, but it decelerated to 82 billion tons
of ice per year in the 2003 to 2008 period.

About Me

I live in Centennial, Colorado. (I'm not actually 100 years old, but I hope to be some day.) I'm an independent computer consultant, specializing in solving problems that traditional IT personnel tend to have difficulty with... That includes everything from inventorying hardware & software, to converting systems & data, to training end-users. I particularly enjoy taking on projects that IT has attempted several times before with no success. I also teach at two local universities: everything from Introduction to Microcomputers through Business Continuity and Security Management. My background includes IT Audit, Computer Security, and a variety of unique IT projects.